Detecting Insider Attacks Using Non-negative Matrix Factorization

Abstract

It is a fact that vast majority of attention is given to protecting against external threats, which are considered more dangerous. However, some industrial surveys have indicated they have had attacks reported internally. Insider Attacks are an unusual type of threat which are also serious and very common. Unlike an external intruder, in the case of internal attacks, the intruder is someone who has been entrusted with authorized access to the network. This paper presents a Non-negative Matrix factorization approach to detect inside attacks. Comparisons with other established pattern recognition techniques reveal that the Non-negative Matrix Factorization approach could be also an ideal candidate to detect internal threats.